AX301 MAGaK (Magnet AXIOM & GrayKey) Advanced iOS Examinations
An intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS examinations and the use of the GrayKey device.
Course Objectives
MODULE 1: COURSE INTRODUCTION
- Cover the basic prerequisites for both the AXIOM software and GrayKey unit.
MODULE 2: UNDERSTANDING IOS AND APPLE’S SECURITY
- Discussion-focused coverage of the iOS operating system’s security functions and structure.
- Learn about device protection class keys, understanding the handset lock codes and their function, as well as other functions of the operating system.
MODULE 3: USING THE GRAYKEY DEVICE
- Covering all the options and settings of the GrayKey unit in order to successfully and efficiently operate the device to extract information from iOS devices.
- Information about the latest versions of iOS will be discussed.
- Learn how to gain access to information previously unavailable by most forensic techniques.
- See how to extract information from devices that are still passcode-locked as well as techniques to deal with the bypassing of the passcodes standing in their way.
MODULE 4: DEVICE IMAGE TYPES
- Compare the different types of extractions that can be generated with the GrayKey units, what examiners can expect to find in each type, and how this information can help further investigations in multiple ways.
- Learn how to explore key artifacts available in these different image types, exclusive to the GrayKey style of data extraction, and how to build methodologies to attempt more efficient passcode cracking.
MODULE 5: IMPORTING DATA IN MAGNET AXIOM
- Understand the multiple ways to ingest information and develop a proper workflow for ingesting information from GrayKey extractions.
- Learn about several AXIOM functions such as Dynamic App Finder, Search for Custom Files by Type, and how to target secure messaging applications.
MODULE 6: EXPLORING ARTIFACTS IN MAGNET AXIOM
- Explore multiple artifacts, including deep diving into artifacts that are core to the iOS file system — core artifacts will be explored in depth including techniques for recovering deleted information from these databases.
- Advanced file system artifacts such as PowerLog and KnowledgeC will be covered to talk about application usage times and data amounts. These and other artifacts will be explored to show examiners how to track when targets are interacting physically with a device in a specified timeframe.
- Exclusive file system artifacts such as location history, third party applications, and more will also be explored.
There are no upcoming events at this time.